A new Trojan has cropped up and it's targeting Mac OS X users, one security firm says.
According to Sophos, the Trojan, called "BlackHole RAT" by its author and "MusMinim" by the security firm, is a variant of the Remote Access Trojan on Windows. The author of the Trojan says the malware is not yet completed, but it already does some annoying things.
Overall, Sophos believes that the prevalence of the Trojan is relatively low. The malware can be removed by using antivirus software.
If a Mac becomes infected, the Trojan places text files on the desktop, puts the computer to sleep, commands it to restart or shutdown, and runs "arbitrary shell commands," Sophos says. It also loads a phishing window to get users to input their administrator password. When a full-screen window pops up forcing users to restart their computer, a rather disconcerting message is displayed.
"I am a Trojan Horse, so I have infected your Mac Computer," says the text in the Trojan, according to Sophos. "I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll (sic) over your Computer and I can do everything I want, and you can do nothing to prevent it.
"So, Im a very new Virus, under Development, so there will be much more functions when I'm finished," the text continues.
The text in the Trojan will surely fuel the long-running debate over whether Mac OS X really is more secure than Windows. Those in the Apple camp point to the numerous Windows security issues that have broken out over the years, compared to the few on Mac OS X, to try and prove that Apple's platform is more secure. Those in the Windows camp believe security is a money game, and malicious hackers have more revenue to generate by targeting all the Windows users in the world, rather than the smaller number of Mac OS X users. It's simply that hackers have ignored Mac OS X, they say.
Sophos says that BlackHole RAT infects computers through downloads over the Web. It might also find its way to the user's Mac through "a vulnerability in your browser, plugins, and other applications."
Source: http://news.cnet.com/8301-13506_3-20037158-17.html?tag=topTechContentWrap;mostRead